diff --git a/app/Http/Requests/Client/Servers/Backups/StoreBackupRequest.php b/app/Http/Requests/Client/Servers/Backups/StoreBackupRequest.php
index 8a1696ff676..489917eee06 100644
--- a/app/Http/Requests/Client/Servers/Backups/StoreBackupRequest.php
+++ b/app/Http/Requests/Client/Servers/Backups/StoreBackupRequest.php
@@ -5,6 +5,7 @@
 use Convoy\Http\Requests\BaseApiRequest;
 use Convoy\Models\Backup;
 use Convoy\Enums\Server\BackupMode;
+use Convoy\Models\Server;
 use Illuminate\Validation\Rules\Enum;
 use Illuminate\Foundation\Http\FormRequest;
 use Convoy\Enums\Server\BackupCompressionType;
@@ -13,7 +14,7 @@ class StoreBackupRequest extends BaseApiRequest
 {
     public function authorize(): bool
     {
-        return $this->user()->can('create', $this->parameter('server', Backup::class));
+        return $this->user()->can('create', [Backup::class, $this->parameter('server', Server::class)]);
     }
     public function rules(): array
diff --git a/app/Http/Requests/Client/Servers/Settings/UpdateAuthSettingsRequest.php b/app/Http/Requests/Client/Servers/Settings/UpdateAuthSettingsRequest.php
index 2d2693e2622..f890c04d82a 100644
--- a/app/Http/Requests/Client/Servers/Settings/UpdateAuthSettingsRequest.php
+++ b/app/Http/Requests/Client/Servers/Settings/UpdateAuthSettingsRequest.php
@@ -3,10 +3,10 @@
 namespace Convoy\Http\Requests\Client\Servers\Settings;
 use Convoy\Http\Requests\BaseApiRequest;
+use Convoy\Models\Server;
 use Exception;
 use Convoy\Rules\Password;
 use Faker\Provider\Base;
-use Grpc\Server;
 use Illuminate\Validation\Validator;
 use Illuminate\Validation\Rules\Enum;
 use phpseclib3\Crypt\PublicKeyLoader;
diff --git a/app/Policies/ServerPolicy.php b/app/Policies/ServerPolicy.php
index f9e43ef473a..d489e3abbc0 100644
--- a/app/Policies/ServerPolicy.php
+++ b/app/Policies/ServerPolicy.php
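Review bot: The Gate resolves the policy from the first element of the argument array, so `can('create', [Backup::class, $server])` in `authorize()` is answered by whatever policy is registered for `Backup::class`, not by `ServerPolicy`; the ownership rule this commit adds to `ServerPolicy::before()` therefore only protects this request if `Backup` is mapped to that policy or the backup policy repeats the check, which is worth confirming in the policy registration. The `Server` instance is forwarded as the second argument, so the `create` method on the resolved policy should be typed `create(User $user, Server $server)` to match. `rules()` continues outside the hunk.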
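Review bot: `use Faker\Provider\Base;` survives right above the corrected `Server` import, and nothing visible in this hunk uses it; it looks like a stray IDE auto-import of a dev-only package into a production request class, which would fail with a missing class if the name is ever referenced outside development. If the rest of the file does not reference `Base`, drop the line while the imports are being tidied. The class body is outside the hunk.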
@@ -7,9 +7,9 @@ class ServerPolicy
 {
-    public function before(User $user, string $ability): ?bool
+    public function before(User $user, string $ability, Server $server): ?bool
     {
-        if ($user->root_admin) {
+        if ($user->root_admin || $user->id === $server->user_id) {
             return true;
         }
diff --git a/tests/Feature/Controllers/Client/Servers/SettingsControllerTest.php b/tests/Feature/Controllers/Client/Servers/SettingsControllerTest.php
index 93a5a6a5071..b1a209aa5ca 100644
--- a/tests/Feature/Controllers/Client/Servers/SettingsControllerTest.php
+++ b/tests/Feature/Controllers/Client/Servers/SettingsControllerTest.php
@@ -48,7 +48,7 @@
     [$user, $_, $_, $server] = createServerModel();
-    $response = $this->actingAs($user)->getJson("/api/client/servers/{$server->uuid}/settings/security");
+    $response = $this->actingAs($user)->getJson("/api/client/servers/{$server->uuid}/settings/auth");
     $response->assertOk();
 });
@@ -61,7 +61,7 @@
     [$user, $_, $_, $server] = createServerModel();
-    $response = $this->actingAs($user)->putJson("/api/client/servers/{$server->uuid}/settings/security", [
+    $response = $this->actingAs($user)->putJson("/api/client/servers/{$server->uuid}/settings/auth", [
         'type' => 'password',
         'password' => 'Advinservers is king!123',
     ]);
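Review bot: The Gate invokes `before()` for every ability checked against this policy with the remaining gate arguments spread after `$ability`, so any check that does not pass a `Server` instance in that position (a class-name-only check such as `can('viewAny', Server::class)`, if this policy has one) now dies with a `TypeError` on the non-nullable `Server $server` parameter instead of falling through to the ability method. Accepting the arguments as a variadic and guarding with `instanceof` keeps the hook total while preserving the owner short-circuit the commit intends. Separately, returning `true` from `before()` grants a server owner every ability on this policy unconditionally, so no later method can ever deny an owner; if an owner-restricted ability is ever expected, the ownership rule belongs in the per-ability methods or a shared helper rather than in the short-circuit hook. The rest of `before()` and of the class lie outside the hunk.
```php
    public function before(User $user, string $ability, mixed ...$arguments): ?bool
    {
        // The Gate passes the first argument through untouched; it may be a model, a class-name string, or absent.
        $server = $arguments[0] ?? null;

        if ($user->root_admin || ($server instanceof Server && $user->id === $server->user_id)) {
            return true;
        }
        // … unchanged: remainder of before() …
```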
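Review bot: Both updated tests exercise the new `/settings/auth` path only as the user returned by `createServerModel()`, which from the destructuring looks like the server's owner, so the ownership branch this commit adds to `ServerPolicy::before()` is covered on the allow side but never on the deny side. A sibling test that calls the same `getJson`/`putJson` endpoints while acting as a second, unrelated non-admin user and asserts `$response->assertForbidden();` would pin the authorization boundary the policy change introduces. The same applies to the `putJson` hunk that follows; the enclosing `it()` closures begin outside both hunks.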